GDPR applies to companies operating software, not the software itself.
As Aki pointed out (somewhere) in this thread, Dovecot doesn't store passwords
itself, and doesn't work unless an admin proactively configures at least one
authentication mechanism, so it is "secure by default" under any defi
On 12.02.25 01:25, Steven Varco via dovecot wrote:
So, after my mandatory rant :D, the DEFAULT setup of dovecot should actually be
as simple as possible.
I fully second that. There is no need to discuss whether Dovecot's
default password storage complies with GDPR or not. The administrator or
>
> > Therefore, Dovecot's plain text default, and the md5 option, are both
> > non-GDPR compliant.
> >
> > To avoid monetary sanctions, Dovecot ought to change how it stores
> > passwords by default.
> >
> > Please do not ignore this message.
>
> GDPR is some piece of bull*it regulation made by th
> Therefore, Dovecot's plain text default, and the md5 option, are both
> non-GDPR compliant.
>
> To avoid monetary sanctions, Dovecot ought to change how it stores passwords
> by default.
>
> Please do not ignore this message.
GDPR is some piece of bull*it regulation made by the EU. Dovecot
On 10/02/2025 20:36 EET Kent Borg via dovecot
wrote:
On 2/10/25 5:07 AM, Robert Nowotny via dovecot wrote:
>> A default dovecot (el9 rpm) install is compliant as it does not work
>> and does not do anything, it is just a bunch of binaries on a dis
On 2/10/25 5:07 AM, Robert Nowotny via dovecot wrote:
A default dovecot (el9 rpm) install is compliant as it does not work
and does not do anything, it is just a bunch of binaries on a disk.
and how exactly this answer is useful?
oh my, I am feeding the troll again
I see it as a useful
SCRAM-SHA-256/512 could be one.
Aki
> On 10/02/2025 16:13 EET Jochen Bern via dovecot wrote:
>
>
> On 10.02.25 14:18, Aki Tuomi wrote:
> > I am not sure how we should actually implement this. Do you mean
> > that we should require that you always provide a password scheme
> > for credentials,
On 10.02.25 14:18, Aki Tuomi wrote:
I am not sure how we should actually implement this. Do you mean
that we should require that you always provide a password scheme
for credentials, or require explicit {PLAIN} prefix or what?
Everything costs something and has unexpected side-effects, like
break
> On 10 Feb 2025, at 10:23, Rupert Gallagher via dovecot
> wrote:
>
> Dovecot aligns the password encryption scheme used by the imap client with
> the password storage scheme used by the server.
>
> Since the default is set to plain text, the client sends the password in
> plain text (tls tun
From:* Rupert Gallagher via dovecot
>
> *Sent:* Monday, 10 February 2025 at 13:51 CET
>
> *To:* aki.tu...@open-xchange.com
>
> *Cc:* dovecot
>
> *Subject:* RE: Dovecot's default password storage scheme is not GDPR
> compliant
>
>
> > I do, Aki.
Your argument is "that a default install is not compliant" and therefore you
ask people to change things. I am proving your argument is incorrect, so the
basis of your change request is gone.
> > A default dovecot (el9 rpm) install is compliant as it does not work
> and does not do anything, i
13:56 CET
*To:* Rupert Gallagher , aki.tu...@open-xchange.com
*Cc:* dovecot
*Subject:* RE: Dovecot's default password storage scheme is not GDPR
compliant
This is not the point, however.
The point is that the default is not GDPR compliant, and a first easy
alternative is als
: Dovecot's default password storage scheme is not GDPR
compliant
I do, Aki.
This is not the point, however.
The point is that the default is not GDPR compliant, and a first easy
alternative is also not GDPR compliant, and decoupling the user scheme from the
server storage scheme is not a
>
> This is not the point, however.
>
> The point is that the default is not GDPR compliant, and a first easy
> alternative is also not GDPR compliant, and decoupling the user scheme
> from the server storage scheme is not at all obvious. Adopting a GDPR-
> compliant default would send out the in
I do, Aki.
This is not the point, however.
The point is that the default is not GDPR compliant, and a first easy
alternative is also not GDPR compliant, and decoupling the user scheme from the
server storage scheme is not at all obvious. Adopting a GDPR-compliant default
would send out the in
> On 10/02/2025 12:23 EET Rupert Gallagher via dovecot
> wrote:
>
>
> Dovecot aligns the password encryption scheme used by the imap client with
> the password storage scheme used by the server.
>
> Since the default is set to plain text, the client sends the password in
> plain text (tl
>
> Dovecot aligns the password encryption scheme used by the imap client
> with the password storage scheme used by the server.
>
> Since the default is set to plain text, the client sends the password in
> plain text (tls tunneled), and the server local storage of passwords is
> a plain text fi
Dovecot aligns the password encryption scheme used by the imap client with the
password storage scheme used by the server.
Since the default is set to plain text, the client sends the password in plain
text (tls tunneled), and the server local storage of passwords is a plain text
file.
For m